plugin/tsig: new plugin TSIG (#4957)

* expose tsig secrets via dnsserver.Config * add tsig plugin Signed-off-by: Chris O'Haver <cohaver@infoblox.com>
2025-10-27 00:04:15 -04:00 · 2022-06-27 15:48:34 -04:00
parent 64885950cc
commit 68e141eff2
14 changed files with 1112 additions and 3 deletions
--- a/plugin/transfer/setup.go
+++ b/plugin/transfer/setup.go
@@ -28,8 +28,10 @@ func setup(c *caddy.Controller) error {
 	})

 	c.OnStartup(func() error {
+		config := dnsserver.GetConfig(c)
+		t.tsigSecret = config.TsigSecret
 		// find all plugins that implement Transferer and add them to Transferers
-		plugins := dnsserver.GetConfig(c).Handlers()
+		plugins := config.Handlers()
 		for _, pl := range plugins {
 			tr, ok := pl.(Transferer)
 			if !ok {
--- a/plugin/transfer/transfer.go
+++ b/plugin/transfer/transfer.go
@@ -18,6 +18,7 @@ var log = clog.NewWithPlugin("transfer")
 type Transfer struct {
 	Transferers []Transferer // List of plugins that implement Transferer
 	xfrs        []*xfr
+	tsigSecret  map[string]string
 	Next        plugin.Handler
 }

@@ -110,6 +111,9 @@ func (t *Transfer) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
 	// Send response to client
 	ch := make(chan *dns.Envelope)
 	tr := new(dns.Transfer)
+	if r.IsTsig() != nil {
+		tr.TsigSecret = t.tsigSecret
+	}
 	errCh := make(chan error)
 	go func() {
 		if err := tr.Out(w, r, ch); err != nil {